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DETAILED ACTION 

Response to Amendment 
This office action is in response to amendment filed on 03/29/06. The amendment filed 
on 03/29/06 have been entered and made of record. Therefore, presently pending claims are 1, 4- 
7, 9-11, 13, 16, 18, and 20-34. 



Response to Arguments 
Applicant's arguments filed 03/29/06 have been fully considered. The national filing for 
the European patent for the Rowland reference has been provided and the text by Stallings. 



Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 5, 7, 16, 18, 22-28, and 31-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rowland et al (5,848,412) in view of the book by Stallings ("Network and 
Internetwork Security"). 

In reference to claims 1, J6, and 37, Rowland discloses a method for sharing user 
information, comprising (abstract): receiving from a user an identification of a level of access 
that is to be extended to a web site host (column 5 lines 14-23); assigning a user code to the web 
site host when the user visits a web site maintained by the web site host (Fig. 6); receiving form 
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the web site host a request for information concerning the user and the name of the server 
(column 6 lines 24-32); determining a level of access for which the web site host is authorized 
from the user code received form the web site host (column 6 lines 50-54); and transmitting user 
information to the web site host that pertains to the user code (part 712 Fig. 7). 

Although Rowland discloses a process to determine the level of access available to the 
web site, Rowland does not disclose a system wherein the browser receives an access code to 
determine the level of access. Rowland also teachers receiving from the website host a request 
for information concerning the user. 

Stallings discloses a system wherein the Initiator A provides Responder B, which 
corresponds to the website host, with the nonce Nl (user code) when the user visits Responder B. 
Stallings teaches further receiving from the Responder B the nonce Nl, user code that was 
received from the web site host (pages 135-136 Figure 4.16). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to provide the user access code in the form of a Nonce and to then receive the 
Nonce Nl from the Responder, web site host, for determining the level of access in Rowland. 
One of ordinary skill in the art would have been motivated to do this because sending the 
receiving the user code that was provided earlier ensures that the correct code is at the receiver 
and the sender, further the nonce can be used to uniquely identify the transaction. 

In reference to claims 27 and 31, Rowland discloses a method for sharing user 
information, comprising (abstract): assigning with the e-service a user code to each level of 
access and therefore each information set (71 1 Fig. 7 and column 6 lines 1 1-18); receiving at the 
e-service from the user an indication of a level of access that is to be granted to all web sites 
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visited by the user (712 Fig. 7); determining with the e-service a level of access for which the 
web site host is authorized form the user code received from the web site host (column 6 lines 
50-54); and transmitting from the e-service to the web site host user information that pertains to 
the user code received from the web site host (column 6 lines 64-67). An e-service is any asset 
that is made available via the Internet to drive new revenue streams or create new efficiencies. 
In the system of Rowland the website receives user information and therefore an e-service since 
the user information is an asset that is made available via the Internet to create new efficiencies. 

Although Rowland discloses the use of access level (user code) for the e-service, 
Rowland does not teach receiving at the e-service a user code that has been provided to a web 
site host by the user. 

Stallings discloses a system wherein the Initiator A provides Responder B, which 
corresponds to the website host, with the nonce Nl (user code) when the user visits Responder B 
(pages 135-136 Figure 4.16). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to provide the user access code in the form of a Nonce and to then receive the 
Nonce Nl from the Responder, web site host, for determining the level of access in Rowland. 
One of ordinary skill in the art would have been motivated to do this because sending the 
receiving the user code that was provided earlier ensures that the correct code is at the receiver 
and the sender, further the nonce can be used to uniquely identify the transaction. 

In reference to claims 5 and 18, wherein the step of determining the level of access 
comprises comparing the user code provided by the web site host with a user code assigned to 
the user and relevant to a particular user information set (column 5 lines 55-58). 
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In reference to claim 7 wherein the step of transmitting user information comprises 
transmitting user profile information while withholding personal information about the user (Fig. 
6). 

In reference to claim 22, wherein receiving an identification of a level of access 
comprises receiving selection of one of an anonymous mode in which only profile information 
and no personal information is provided, and a full disclosure mode in which profile information 
and personal information is provided (column 5 line 66 to column 6 line 7). 

In reference to claim 23 wherein receiving an identification of a level of access further 
comprises receiving user selection of a category of information to share (Fig. 5). 

In reference to claim 24, wherein receiving user selection of a category comprises 
receiving user selection of at least one of a personal category a business category, and a financial 
category. 

In reference to claim 25, wherein assigning a user code comprises assigning a first code 
pertinent to an initial level of access to be provided to the web site host and a second code 
pertinent to a deeper level of access that can be manually provided by the user if desired. 

Although Rowland discloses assigning codes to websites that are possibly assigned 
manually, Rowland does not disclose assigning he second code pertinent to a deeper level of 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more levels of code pertinent to deeper levels of access in the system 
Rowland. One of ordinary skill in the art would have been motivated to do this because it would 
allow greater control on the amount of access. 
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In reference to claims 26, 28 t and 32, wherein providing the user code comprises 
automatically providing the first user code to the web site host when the user visits the web site, 
and providing the second user code to the web site host if the user chooses to so provide the 
second user code. 

Although Rowland discloses assigning codes to websites that are possibly assigned 
manually or automatically, Rowland does not disclose assigning he second code pertinent to a 
deeper level of. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more levels of code pertinent to deeper levels of access in the system 
Rowland. One of ordinary skill in the art would have been motivated to do this because it would 
allow greater control on the amount of access. 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland in view 
of Stallings as applied to claim 2 above, and further in view of Schneier. 

In reference to the user code comprises a transient key. A transient key is a key that 
expires after a period of time. 

Rowland does not expressly disclose the code that was designated by the user comprising 
a transient key. 

Schneier teaches that a key should expire automatically; therefore a system should have a 
policy that determines the permitted lifetime of a key (pages 183-184). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a code that expires after a certain period of time as disclosed in Schneier in 
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the system of Rowland. One of ordinary skill in the art would have been motivated to do this 
because the longer the code is used the greater the chance that the system will be compromised. 

Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland in view 
of Stallings as applied to claim 1 above, and further in view of Henrick et al (6,055,510). 

Regarding transmitting user information from a centralized repository which stores user 
information for a plurality of users. 

Rowland does not expressly disclose transmitting the user information from a centralized 
repository that stores user information fro a plurality of users. 

Henrick discloses a system and method of storing user information in a centralized 
repository (column 4 lines 32-37) and transmitting the user information from this centralized 
repository to a website (particular advertiser; column 4 line 66 to column 5 line 10) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a central repository to store the user information and transmit the user 
information to the host website. One of ordinary skill in the art would have been motivated to do 
this because the ISP can take advantage of the unique customer knowledge with respect to user 
likes and dislikes, while preserving the privacy of the customer, to attract businesses with interest 
in customer bases. 

Claims 9-11, 13, 20-21, 29-30, and 33-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rowland in view of Stallings as in claims 1, 16, 27, and 31 and further in view 
of Davis et al (6,367,009 Bl) 
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In reference to claims 13, 30, and 34, Rowland discloses a method for acquiring user 
information that is used to personalize a web site for the user (column 1 lines 1-30 in 
combination with abstract). 

Although Rowland discloses the website host requesting user information (column 6 lines 
12-15), Rowland does not disclose the user information being stored at centralized repository and 
providing the user code to the centralized repository. 

Davis discloses the ETS that is a relational database manager (centralized repository 
storing) that stores user information needed by the intermediate MTS (website server; column 9 
lines 24-48). The client delegates authentication to the MTS to retrieve the user information. 
The MTS uses the certificate chain, which includes information from the client certificate that 
was provided by the client (column 13 lines 1-58), this performs the function of providing 
authentication and code required by the ETS (column 14 lines 14-40) to authenticate the MTS 
and provide the user information (column 9 lines 25-48 in combination with column 13 lines 53- 
58). This is the function of the user code sent to the website host. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a central repository to store the user information and transmit the user 
information to the host website. One of ordinary skill in the art would have been motivated to do 
this because the ISP can take advantage of the unique customer knowledge with respect to user 
likes and dislikes, while preserving the privacy of the customer, to attract businesses with interest 
in customer bases. 



Application/Control Number: 09/838,807 Page 9 

Art Unit: 2135 

In reference to claims 9 and 20, wherein providing a web site host with the user code 
comprises automatically providing the user code when the user visits the web site (column 6 
lines36-44). 

In reference to claims 11 and 21 wherein providing a web site host with the user code 
comprises providing the user code to the web site host that is manually entered by the user at the 
web site (column 6 lines 45-5 1). 

In reference to claims 10, 29, and 33, wherein the user code is automatically appended to 
a uniform resource locator (URL) of the web site. 

Rowland and Davis do not expressly disclose the code being appended to the URL of the 
web site- 
However, since Davis discloses sending the certificate as part of a message and Rowland 
discloses sending the request with the information that the web server requires, at the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to append 
the code to the URL, One of ordinary skill in the art would have been motivated to do this 
because it would conserve bandwidth to send it as one message instead of multiple messages. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct. uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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Monday, April 10, 2006 
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